Hi,
Does anyone know of an example that shows how to authenticate with Spring using DWR?
TIA,
- Ole
Hi ole.ersoy,
I've posted a proposal in here: http://forum.springsource.org/showthread.php?t=72970
Maybe we can work this out together.
Regards,
Hi Nickar,
(I'm Ole). Sure - I'd love to work this out with you. I'm currently reading up on the documentation a little more:
http://static.springframework.org/sp...-overview.html
There's a code sample in there that has this:
Authentication request = new UsernamePasswordAuthenticationToken(name, password);
Authentication result = am.authenticate(request);
SecurityContextHolder.getContext().setAuthentication(result);
So I'm thinking we could just wrap this in a service method that throws an authentication exception (caught on the client side).
Thoughts?
Ole
P.S. If you want we can post our notes on your proposal thread? I'm going to see whether I can get a mock setup going outside of the container using the lines above, and then gradually move to testing in tomcat from there.
That's what I've said.
We must be careful with Authentication (java.security.Authentication).
The other alternative is to export AuthenticationManager itself, but you have to build the Authentication object in the client.
Regards,
What do you think about something like this:
com.example.MyService.authenticate(String username, String password);
Expose the above type of method via DWR.
So on the javascript client side we would have something like:
try {
    RemotedMyService.authenticate(username, password)
}
catch (e) {
    // authentication failed....tell user to try again
}
It is nice,
I would like to return the Authentication object, so I can enforce authorizations in the frontend as in the backend.
The function authenticate must return java.security.Authentication, the object returned by AuthenticationManager.
Regards,
Hmm...I see - nice idea. Me like too. I'm trying to think whether there are any security issues with that...
Is it possible for a hacker to hack an instance of a DWR proxy on any browser?
I'll just leave the question up in case anyone has any input on that....
This is what Authentication looks like:
Code:
package org.acegisecurity;

import java.io.Serializable;
import java.security.Principal;

public interface Authentication extends Principal, Serializable {

    GrantedAuthority[] getAuthorities();

    /**
     * The credentials that prove the principal is correct. This is usually a password, but could be anything
     */
    Object getCredentials();

    /**
     * Stores additional details about the authentication request. These might be an IP address, certificate
     * serial number etc.
     *
     * @return additional details about the authentication request, or <code>null</code> if not used
     */
    Object getDetails();

    /**
     * The identity of the principal being authenticated. This is usually a username. Callers are expected to
     * populate the principal.
     *
     * @return the <code>Principal</code> being authenticated
     */
    Object getPrincipal();

    boolean isAuthenticated();

    void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException;

    // FROM 'extends Principal'
    String getName();
}
We have to clean credentials (the password).
Regards,
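One way to do the credential cleaning discussed above, as an added example that is not code from the thread or from Acegi/DWR: the remoted method authenticates as in the snippet quoted earlier, then returns only the name and role names instead of the Authentication object. It uses the org.acegisecurity package shown in the thread; the AuthenticatedUser class and the constructor injection of the AuthenticationManager are hypothetical.

```java
package com.example; // hypothetical package, matching the thread's com.example.MyService

import java.io.Serializable;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;

public class MyService {

    /** Hypothetical DTO sent to the browser: name and role names only, never credentials or details. */
    public static class AuthenticatedUser implements Serializable {
        private final String name;
        private final String[] authorities;
        AuthenticatedUser(String name, String[] authorities) {
            this.name = name;
            this.authorities = authorities;
        }
        public String getName() { return name; }
        public String[] getAuthorities() { return (String[]) authorities.clone(); }
    }

    private final AuthenticationManager am;

    public MyService(AuthenticationManager am) { this.am = am; }

    public AuthenticatedUser authenticate(String username, String password) {
        Authentication result;
        try {
            result = am.authenticate(new UsernamePasswordAuthenticationToken(username, password));
        } catch (AuthenticationException e) {
            // Same generic failure for every cause, so the remote caller cannot
            // tell an unknown user from a wrong password or a locked account.
            throw new BadCredentialsException("Authentication failed");
        }
        SecurityContextHolder.getContext().setAuthentication(result);

        // Copy only what the UI needs; getCredentials() and getDetails() stay on the server.
        GrantedAuthority[] granted = result.getAuthorities();
        String[] roles = new String[granted == null ? 0 : granted.length];
        for (int i = 0; i < roles.length; i++) {
            roles[i] = granted[i].getAuthority();
        }
        return new AuthenticatedUser(result.getName(), roles);
    }
}
```

The role names that reach the browser are only a hint for what the UI should show, because anything held in the page can be changed by whoever controls that browser. Each remoted method still has to be authorized on the server against the SecurityContext.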
Another thing that needs figuring out is how do we wire up a mock. I'm reading through the 2.0 documentation right now and it's done like this with the namespace configuration:
Code:
<authentication-provider>
    <user-service>
        <user name="jimi" password="jimispassword" authorities="ROLE_USER, ROLE_ADMIN" />
        <user name="bob" password="bobspassword" authorities="ROLE_USER" />
    </user-service>
</authentication-provider>
But how do we do something similar using the traditional bean element declarations (bean namespace)? Or maybe we can just use the namespace configuration elements and still get the corresponding authentication manager to authenticate against it?